Filtered by vendor Wordpress
Subscribe
Total
621 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2201 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes. | |||||
| CVE-2010-5294 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt. | |||||
| CVE-2010-5293 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 5.8 MEDIUM | N/A |
| wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match. | |||||
| CVE-2013-4954 | 2 Genetechsolutions, Wordpress | 2 Pie-register, Wordpress | 2025-04-11 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5295 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action. | |||||
| CVE-2012-4874 | 2 Awpcp, Wordpress | 2 Another Wordpress Classifieds Plugin, Wordpress | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads." | |||||
| CVE-2011-3863 | 2 Post-scriptum, Wordpress | 2 Redline, Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2012-2109 | 2 Buddypress, Wordpress | 2 Buddypress, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action. | |||||
| CVE-2012-2400 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors. | |||||
| CVE-2012-3574 | 2 Tbelmans, Wordpress | 2 Mm Forms Community, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp. | |||||
| CVE-2013-3256 | 2 Shareaholic, Wordpress | 2 Sexybookmarks, Wordpress | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings." | |||||
| CVE-2012-4422 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 3.5 LOW | N/A |
| wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role. | |||||
| CVE-2011-3128 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php. | |||||
| CVE-2011-5226 | 2 Trioniclabs, Wordpress | 2 Sentinel, Wordpress | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots. | |||||
| CVE-2012-1785 | 2 Kylegilman, Wordpress | 2 Video Embed \& Thumbnail Generator, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
| kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2012-4448 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action. | |||||
| CVE-2011-3818 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
| WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files. | |||||
| CVE-2013-2205 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.3 MEDIUM | N/A |
| The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. | |||||
| CVE-2013-4339 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
| WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. | |||||
| CVE-2012-3578 | 1 Wordpress | 2 Fcchat Widget, Wordpress | 2025-04-11 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images. | |||||